My computer was infected a while ago with Spysheriff and I got rid of it. But I discovered a red circle with a white cross in my taskbar. When I move my mouse over it, it says 'Your computer is infected':

Answer:

This one is easy to get rid off.

Open the task manager (press Control+Alt+Del)

Select Processes and look for a process named 13242.exeor similar (a pattern of numbers) and kill this process.
Look for a process named Archive.exe and kill it as well.Note that the name of this other program may be different in your case - a known other name is tool2.exe .

Search your hard disk for the file name 13242.exe (or whatever number it may have been in your case). In my case this was in:
\Documents and Settings\user1\Lokale Einstellungen\Temp
Other users reported to have found these files in c:\Windows.

As you can see in the screenshot, I found a LOT of executable files there, most of them the length 0. I could not delete those files until I had killed process 'Archive.exe'.

The file archive.exe was entered as an auto-start in the registry here:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

i don't have any of these files and i have the 'your computer is Infected' I don't download??

2006-07-07, 15:20:07

anonymous from United Kingdom

post up the names of the processes here

2006-07-13, 00:34:35

anonymous from United States

I purchased Spyware Doctor, ran it, and all my troubles are gone!! It is $29.95 but worth every penny.

2006-07-23, 18:17:12

anonymous from United States

winstall.exe was my variant. After removing it from my task manager, I performed a simple search for the file 'winstall.exe' and came up with two files. I didn't know which one to delete so I highlighted both files and clicked on 'properties.' One file was created a very long time ago but the other file was created the same day that I was attacked by the spyware. I deleted that file and now my computer is back to normal.

Thank you, winstall.exe was the issue for me. Does anyone know why products like Norton don't protect against this?

2006-08-15, 13:00:30

anonymous from United Kingdom

hello can you help me please i cant find any of those archive or 13242.exe so can you tel me what to do??

2006-08-21, 02:12:43

anonymous from Hong Kong

I am using win me and i gone to some adult site and there i got this virus Spysheriff and i got this Red circle with white cross in taskbar tray ca9396ef.exe.i already rid of that spysheriff but i couldn't delete that red circle,as u mention delete the file with numbers,so i deleted but the file keeps coming back,what should i do,pls help,thanks.

2006-09-02, 07:09:22

anonymous from United States

the latest avg antivirus and windows defender removed it for us norton does not catch half of the viruses avg is the best there is a free version but you have to search for it get it from only the grisoft web site

2006-09-12, 17:36:52

anonymous from Australia

i saw one that was xpupdate.exe as well

2006-09-12, 23:07:32

anonymous from United States

my version was in the C;/Program Files as a folder named 'Pest Trap'

2006-09-14, 20:56:34

anonymous from United States

To get rid of the annoying red circle with the white X:
Select run type in MSCONFIG. Go to startup. Find wistall.exe and delete the X from the box.
Wistall is the cause of the spyware FALSE information.
All will be well.

2006-10-05, 07:15:17

anonymous from United States

Go to the following website and follow instructions. It might actually take 2 or 3 tries to complete removal as well as manually removing winstall, bikini and n. Good luck.